Is it possible to change the read-only / read-write status of a docker mount at runtime?
I have a Dockerized application that uses the file system to store a lot of state. The application code is contained in the Docker image.
I am considering an upgrade strategy that involves splitting the volume between two containers, but making sure that no more than one container can write to this filesystem.
The working process:
- launch container A with /data mounted rw
- run container B with /data mounted and a newer version of the app
- stop submitting requests to container A
- for container A, make the /data mount read-only
- for container B, make the /data mount read-write
- start sending requests to container B
You can remount your volume from inside the container in rw mode, for example:
mount -o remount,rw /mnt/data
The catch is that the mount syscall is not allowed inside Docker containers by default, so you'll have to run it in privileged mode:
docker run --privileged ...
or enable the SYS_ADMIN capability:
SYS_ADMIN Performs a number of system administration operations.
docker run --cap-add=SYS_ADMIN --security-opt apparmor:unconfined
(note that I had to add --security-opt apparmor:unconfined to get this working on Ubuntu).
In addition, remounting a rw volume as ro can be tricky, as some processes may already have some files inside it open for writing, in which case the remount will fail with an "is busy" error message.
But my guess is that you can just restart the container instead (since this will be the one that launches the old version of the application).
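A preflight for the remount step discussed in the answer above, as an added example that is not part of the original post: it checks for CAP_SYS_ADMIN, the current ro/rw state of the mount, and descriptors still open for writing (the "is busy" case). The function names and the optional file arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight checks before `mount -o remount,ro <mountpoint>` in a container.
# Function names are hypothetical; optional file arguments exist only for offline testing.

# has_sys_admin [status_file]: true if CapEff contains CAP_SYS_ADMIN (capability bit 21).
has_sys_admin() {
    capeff=$(awk '/^CapEff:/ {print $2}' "${1:-/proc/self/status}")
    [ -n "$capeff" ] && [ $(( (0x${capeff} >> 21) & 1 )) -eq 1 ]
}

# mount_mode <mountpoint> [mounts_file]: print "ro" or "rw"; fail if not a mount point.
mount_mode() {
    awk -v mp="$1" '
        $2 == mp { n = split($4, o, ",")
                   for (i = 1; i <= n; i++) if (o[i] == "ro" || o[i] == "rw") m = o[i] }
        END { if (m == "") exit 1; print m }' "${2:-/proc/mounts}"
}

# writers_under <mountpoint> [proc_root]: print "pid fd path" for every descriptor
# opened for writing below the mount point (these make a remount to ro fail as busy).
writers_under() {
    mp=${1%/}; root=${2:-/proc}
    for fd in "$root"/[0-9]*/fd/*; do
        target=$(readlink "$fd" 2>/dev/null) || continue
        case $target in "$mp"/*) ;; *) continue ;; esac
        pid=${fd#"$root"/}; pid=${pid%%/*}
        flags=$(awk '/^flags:/ {print $2}' "$root/$pid/fdinfo/${fd##*/}" 2>/dev/null) || continue
        # fdinfo flags are octal; a last digit of 1 (O_WRONLY) or 2 (O_RDWR) means writable.
        case $flags in *[12]) echo "$pid ${fd##*/} $target" ;; esac
    done
}

# preflight_ro <mountpoint>: succeed only if remounting read-only is expected to work.
preflight_ro() {
    has_sys_admin || { echo "no CAP_SYS_ADMIN: mount will be denied" >&2; return 1; }
    [ "$(mount_mode "$1")" = rw ] || { echo "$1 is not mounted rw" >&2; return 1; }
    busy=$(writers_under "$1")
    [ -z "$busy" ] || { echo "still open for writing:" >&2; echo "$busy" >&2; return 1; }
}
```

Run inside the container, /proc lists only processes in that container's PID namespace, so writers in other containers sharing the volume are not reported.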